Version 1.26 - Have You Been Pwned?

Have I Been Pwned support

Version 1.26 brings the ability for customers to check any or all of their email addresses against the Have I Been Pwned  dataset from within the Kopi app.

Why bother with this?

Every time you give out your email address to some website / service to create an account - there's a possibility that they may get breached / compromised ("pwned") and leak your data, including your email address. This is one of the reasons why it's a good idea to use an email forwarding service so you don't have to give every website on the internet your real address ;)

Breaches and leaks of email addresses like this are one of the common ways that your email can end up on spam mailing lists. But sometimes when your email address is leaked, the bad people don't immediately start spamming you - sometimes they use the leaked information to try and compromise accounts on other websites, via techniques like "credential stuffing", "spear fishing", etc.

HIBP is a great service for people to check if their email has ever been involved in one of these breaches. But when you use a service like Kopi, you might have a *lot* of addresses to check (there are Kopi users with hundreds of addresses spread across many forwarders and domains).

It's tedious to check all your forwarder addresses individually. So Kopi now has support for checking your forwarder addresses against HIBP directly. You can check an individual address, or you can check all the addresses in your account.

Trial users cannot use the automated HIBP support, but you can manually check an individual address using the Have I Been Pwned home page  directly.

You can find more information on the Have I Been Pwned help page.

Future improvements

If the HIBP feature proves popular - I'll look in to providing for automated notifications of pwned addresses (on an opt-in basis, of course).